Total
498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36751 | 1 Growatt | 2 Mic3300tl-x, Shinelan-x | 2025-12-14 | N/A |
| Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint. | ||||
| CVE-2025-13053 | 1 Asustor | 1 Adm | 2025-12-12 | N/A |
| When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the UPS server configuation. This issue affects ADM: from 4.1.0 through 4.3.3.RKD2, from 5.0.0 through 5.1.0.RN42. | ||||
| CVE-2025-65825 | 1 Meatmeet | 1 Meatmeet | 2025-12-12 | 4.6 Medium |
| The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and previous Wi-Fi networks. This information could be used to gain unauthorized access to the victim's Wi-Fi network. | ||||
| CVE-2023-46219 | 3 Fedoraproject, Haxx, Redhat | 3 Fedora, Curl, Jboss Core Services | 2025-12-02 | 5.3 Medium |
| When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. | ||||
| CVE-2025-64147 | 1 Jenkins | 2 Curseforge Publisher, Jenkins | 2025-11-04 | 4.3 Medium |
| Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-64146 | 1 Jenkins | 2 Curseforge Publisher, Jenkins | 2025-11-04 | 4.3 Medium |
| Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2025-64145 | 1 Jenkins | 2 Byteguard Build Actions, Jenkins | 2025-11-04 | 4.3 Medium |
| Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-64144 | 1 Jenkins | 2 Byteguard Build Actions, Jenkins | 2025-11-04 | 4.3 Medium |
| Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2025-64143 | 1 Jenkins | 1 Openshift Pipeline | 2025-11-04 | 4.3 Medium |
| Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2025-53678 | 1 Jenkins | 1 User1st Utester | 2025-11-04 | 6.5 Medium |
| Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2025-53676 | 1 Jenkins | 1 Xooa | 2025-11-04 | 6.5 Medium |
| Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2025-53673 | 1 Jenkins | 1 Sensedia Api Platform Tools | 2025-11-04 | 6.5 Medium |
| Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2025-53668 | 1 Jenkins | 1 Vaddy | 2025-11-04 | 6.5 Medium |
| Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53666 | 1 Jenkins | 1 Dead Man\'s Snitch | 2025-11-04 | 6.5 Medium |
| Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53663 | 1 Jenkins | 1 Ibm Cloud Devops | 2025-11-04 | 6.5 Medium |
| Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53659 | 1 Jenkins | 1 Qmetry Test Management | 2025-11-04 | 6.5 Medium |
| Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53653 | 1 Jenkins | 1 Aqua Security Scanner | 2025-11-04 | 4.3 Medium |
| Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2020-10124 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2025-11-04 | 7.1 High |
| NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery. | ||||
| CVE-2024-7396 | 1 Korenix | 1 Jetport 5601v3 | 2025-11-04 | N/A |
| Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2. | ||||
| CVE-2024-25027 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | 6.2 Medium |
| IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. | ||||